fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

GLOBAL COVID 19-RELATED PHISHING CAMPAIGN BY NORTH KOREAN OPERATIVES LAZARUS GROUP EXPOSED BY CYFIRMA RESEARCHERS

GLOBAL COVID 19-RELATED PHISHING CAMPAIGN BY NORTH KOREAN OPERATIVES LAZARUS GROUP EXPOSED BY CYFIRMA RESEARCHERS

Reporting Date: 18 June 2020

Assessment Period: 1 to 16 June 2020

Subject: Hacker groups are planning a large-scale phishing campaign targeted at more than 5M individuals and businesses (small, medium, and large enterprises) across six countries and multiple continents

Motivation: Financial Gains

Method: The hacking campaign involved using phishing emails under the guise of local authorities in charge of dispensing government-funded Covid-19 support initiatives. These phishing emails are designed to drive recipients to fake websites where they will be deceived into divulging personal and financial information.

Executive Summary:

CYFIRMA Researchers have been tracking the Lazarus Group, a known hacker group sponsored by North Korea, for many years. Investigations into the Group’s activities have revealed detailed plans indicating an upcoming global phishing campaign.

Also read: Free PDPA Singapore Checklist 2020

There is a common thread across six targeted nations in multiple continents – the governments of these countries have announced significant fiscal support to individuals and businesses in their effort to stabilize their pandemic-ravaged economies. The following are some of the government-funded programs:

> Singapore, a small nation-state in Southeast Asia, has announced almost SGD 100B financial aid in various forms to stem unemployment and keep businesses afloat;

> Japan has announced stimulus funds of about 234 trillion yen;

> Korea government has allocated a total of US$200B of emergency relief funds for industries including carmakers, telecoms, airlines, shipbuilders, and small merchants. The relief funds include cash handouts to families with certain provinces extending the support to tax-paying foreigners;

> Indian government has announced Rs 20 lakh crore (US$307B) of credit, finance and collateral-free loans to micro, small and medium enterprises, as well as welfare packages for citizens;

> America has set aside trillions of dollars to design Economic Impact Payment or Stimulus Payments as well as Paycheck Protection Program to prop up its economy; and

> As part of the UK government COVID-19 recovery strategy, a number of support programs have been made available, such as Coronavirus Job Retention Scheme, and Self-Employment Income Support Scheme. The Government’s package has also been complemented by further contributions from the Bank of England.

The Lazarus Group’s upcoming phishing campaign is designed to impersonate government agencies, departments, and trade associations who are tasked to oversee the disbursement of the fiscal aid.

The hackers plan to capitalize on these announcements to lure vulnerable individuals and companies into falling for the phishing attacks.

Given the potential victims are likely to be in need of financial assistance, this campaign carries a significant impact on political and social stability.

CYFIRMA Researchers first picked up the lead on June 1, 2020, and have been analyzing the planned campaign, decoding the threats, and gathering evidence. Evidence points to hackers planning to launch attacks in six countries across multiple continents over a two-day period. Further research uncovered seven different email templates impersonating government departments and business associations.

As of time of reporting (18 Jun), we have not seen the phishing or impersonated sites defined in the email templates. But our research shows the hackers were planning to set that up in the next 24 hours.

We also observed that hackers are planning to spoof or create fake email IDs impersonating various authorities. These are some of the emails discussed in their phishing campaign plan:

[email protected]

[email protected]

[email protected]

[email protected]

[email protected]

[email protected]

Campaign Launch Dates:

According to the hackers plans as observed by CYFIRMA Research, the phishing campaigns are scheduled to launch in the following countries across multiple continents on the stated dates.

Country NameCampaign Launch DateTarget
USA20 June 2020Individuals
UK20 June 2020Businesses
Japan20 June 2020Individuals
India21 June 2020Individuals
Singapore21 June 2020Businesses
South Korea21 June 2020Individuals

Phishing Theme:

USA: Hackers claimed to have 1.4M curated email IDs. The Plan is to send the email below via a spoofed USDA email account luring them with fake Direct Payment of USD 1000 and inciting them to provide personal detail.  Pls see email evidence below.

UK: Hackers claimed to have 180,000 business contacts. The plan is to send email below via a spoofed Bank of England email account and luring them to provide business details, pressing them to provide before 26 June 2020. Pls see email evidence below.

Japan: Hackers claimed to have 1.1M individual email IDs and planning to send phishing email from a spoofed Ministry of Finance, Japan email account offering additional payment of JPY 80,000 for all citizens and residents of Japan. Pls see email evidence below.

India: Hackers claimed to have 2M individual email IDs. The plan is to send emails free COVID-19 testing for all residence of Delhi, Mumbai, Hyderabad, Chennai and Ahmedabad inciting them to provide personal information. Pls see email evidence below.

Singapore: Hackers claimed to have 8,000 business contact details and planning to send phishing email from a spoofed Ministry of Manpower email account offering additional payment of SGD 750 for all employees these companies have employed. Pls see email evidences below.

South Korea: Hackers claimed they have 700,000 individual email IDs and will send phishing email to all citizens announcing an additional 1M Won payment in cash and shopping vouchers. The fake email will be spoofed to impersonate the South Korean Government. Pls see email evidence below.

Also read: The FREE Guide To The 9 Obligations Of PDPA

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us